Adding and Modifying Pre-Shared Keys

A new entity will automatically have one pre-shared key. You can add new pre-shared keys to an entity by clicking the Add button on the top row of the key table. This adds a new row to the table, displaying the newly created shared secret.

Figure: Pre-shared keys listed

The Type field shows the type of the key; currently only psk (for pre-shared key) is defined. The Use Count option gives the number of times that this key has been used successfully to enroll a certificate. (Certain policy functions and policy attributes restrict multiple uses of the same key.)

The Reference Number is a unique identification number for this secret, assigned by the SSH Tectia Certifier Engine. This ID is required by the CMP protocol, which uses it to identify which secret was used.

The Key field contains the actual shared secret. This is a free-form text string that was randomly generated when the secret was created.

The key can be removed by clicking the Remove button on its table row.

Clicking the Edit button displays more information about the key.

Figure: The Pre-Shared Key page

On this page you can change the key's type and use count. Increasing the Use Count can be useful in certain situations, for example when a well-known end user has already used the key but for some reason wants to enroll another certificate with the same key. However, the recommended way to handle this is to generate a new shared secret and distribute it to the user, which minimizes the possibility of key misuse.

The actual key can also be changed, either manually (by typing a new value into the text field) or by clicking the Generate New Secret button. By typing a key, you can allow the use of passwords (passphrases) generated by external systems instead of the random character strings generated by SSH Tectia Certifier. These passwords should, however, be of sufficient length.

All changes made on this page are committed to the database by clicking the Commit Changes button at the bottom of the page. This also returns the view to the main entity page. Clicking the Cancel button discards the changes and returns the view directly to the main entity page.
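
As an added illustration (not SSH Tectia Certifier code and not part of the original documentation), the sketch below shows shared-secret message protection as CMP specifies it in RFC 4210 (PasswordBasedMac): the Reference Number selects the secret, and the Key is the only unknown input to the message MAC, which is why a typed passphrase needs sufficient length. The key table, sample values, iteration bounds and the choice of SHA-256 are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed key table (reference number -> shared secret); values are made up.
KEY_TABLE = {"10045": b"k3Vq9mT2xLw8Rz4pHs7d"}

# Assumed local bounds on the sender-chosen iteration count, so a request
# cannot force weak key derivation or an expensive hashing loop.
MIN_ITERATIONS, MAX_ITERATIONS = 1000, 100_000


def pbm_key(secret: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive the MAC key: hash applied `iterations` times, starting from secret || salt."""
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return key


def protect(secret: bytes, salt: bytes, iterations: int, protected_part: bytes) -> bytes:
    """Sender side: MAC over the protected part of the message."""
    key = pbm_key(secret, salt, iterations)
    return hmac.new(key, protected_part, hashlib.sha256).digest()


def verify_request(reference: str, salt: bytes, iterations: int,
                   protected_part: bytes, mac: bytes) -> bool:
    """CA side: look up the secret by reference number, then check the MAC."""
    secret = KEY_TABLE.get(reference)
    if secret is None:
        return False  # unknown reference number
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        return False  # iteration count outside the assumed local policy
    expected = protect(secret, salt, iterations, protected_part)
    return hmac.compare_digest(expected, mac)  # constant-time comparison


if __name__ == "__main__":
    salt = bytes(range(16))  # constructed; a real sender uses a random salt
    body = b"constructed stand-in for the DER-encoded header and body"
    mac = protect(KEY_TABLE["10045"], salt, 1000, body)
    print("valid request accepted:", verify_request("10045", salt, 1000, body, mac))
    print("unknown reference accepted:", verify_request("99999", salt, 1000, body, mac))
```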